338 matches found
CVE-2008-1148
A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...
CVE-2008-1148
CVE-2008-1148 concerns a flaw in a PRNG using ADD with 0 random hops (Algorithm A0) that affects OpenBSD 3.5–4.2 and NetBSD 1.6.2–4.0. Attackers can observe a sequence of previously generated values to guess sensitive identifiers such as DNS transaction IDs and IP fragmentation IDs, enabling pote...
FreeBSD Security Advisory FreeBSD-SA-07:09.random
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:09.random Security Advisory The FreeBSD Project Topic: Random value disclosure Category: core Module: sysdevrandom Announced: 2007-11-29 Credits: Robert Woolle...
UltraVNC w/ DSM Plugin Detection (2)
UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port sends pseudo-random bytes. It is probably UltraVNC with the new DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 or AES encrypted stream. %NASLMINLEVEL 70300 C Tenable Network...
Mozilla Foundation Security Advisory 2007-05
Mozilla Foundation Security Advisory 2007-05 Title: XSS and local file access by opening blocked popups Impact: Moderate Announced: February 23, 2007 Reporter: shutdown, Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description shutdown...
WordPress Plugin SpamBam - Key Calculation Security Bypass
WordPress Plugin SpamBam - Key Calculation Security Bypass source: https://www.securityfocus.com/bid/27291/info SpamBam is prone to a security-bypass vulnerability because client-accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form...
Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations
Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc...
CVE-2006-3419
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...
DEBIAN-CVE-2006-3419
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...
CVE-2006-3419
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes RANDpseudobytes instead of cryptographically strong RANDbytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...
UltraVNC w/ DSM plugin detection
UltraVNC seems to be running on the remote port. Upon connection, the remote service on this port always sends the same 12 pseudo-random bytes. It is probably UltraVNC with the DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4 encrypted stream. SPDX-FileCopyrightText: 2006...
Multiple Citadel bugs
Weak PRNG, buffer overflows, DoS...
CVE-2001-1141
The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...
CVE-2001-1141
CVE-2001-1141: OpenSSL/SSLeay PRNG weakness before 0.9.6b allows attackers to use outputs from small PRNG requests to infer internal state, enabling future-prediction of random numbers. Affected versions include OpenSSL up to 0.9.6b; impact stated as potential exposure of cryptographic material. ...
FreeBSD-SA-01:51.openssl
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:51 Security Advisory FreeBSD, Inc. Topic: OpenSSL 0.9.6a and earlier contain flaw in PRNG REVISED Category: core Module: openssl Announced: 2001-07-30 Revised: 2001-07-31...
CVE-2001-1141
The Pseudo-Random Number Generator PRNG in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...
Проблемы с генерацией псевдо-случайных чисел в OpenSSL (pseudo random generator weakness)
Можно воссоздать состояние генератора псевдо-случайных чисел...
Insecure Random Number Generator
Insecure RNG: stormpath-sdk-php/src/Util/UUID.php Lines 167 to 181 in 15aee30 / Generate an UUID version 4 pseudo random / static private function generateRandom$ns, $node $uuid = self::$muuidfield; $uuid'timehi' = 4 12 | mtrand0, 0x1000; $uuid'clockseqhi' = 1 7 | mtrand0, 128; $uuid'timelow' =...